Total
12731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14740 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query. | |||||
| CVE-2018-14739 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c. | |||||
| CVE-2018-14738 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c. | |||||
| CVE-2018-14712 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter. | |||||
| CVE-2018-14615 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative. | |||||
| CVE-2018-14590 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp. | |||||
| CVE-2018-14586 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532. | |||||
| CVE-2018-14564 | 1 Thunlp | 1 Thulac | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h. | |||||
| CVE-2018-14563 | 1 Thunlp | 1 Thulac | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to memory corruption. | |||||
| CVE-2018-14559 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. | |||||
| CVE-2018-14557 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow. | |||||
| CVE-2018-14531 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp. | |||||
| CVE-2018-14522 | 3 Aubio, Opensuse, Suse | 3 Aubio, Leap, Linux Enterprise | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. | |||||
| CVE-2018-14521 | 1 Aubio | 1 Aubio | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc. | |||||
| CVE-2018-14443 | 1 Gnu | 1 Libredwg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV). | |||||
| CVE-2018-14362 | 5 Canonical, Debian, Mutt and 2 more | 10 Ubuntu Linux, Debian Linux, Mutt and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. | |||||
| CVE-2018-14338 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow. | |||||
| CVE-2018-14320 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673. | |||||
| CVE-2018-14290 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6222. | |||||
| CVE-2018-14047 | 1 Pngwriter Project | 1 Pngwriter | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!" statement in the master/README.md file | |||||